The way we communicate was changed forever by the advent of e-mail. However infuriating it may be at times, how would we manage without it? It is direct but it can be damaging, and dangerous.
Many organisations do not realise that while their people use the corporate e-mail system for both personal and business correspondence, the content can render both the company and the individual sending the message liable to litigation.
The legal framework could require a board member to attend a court of law to answer for an e-mail abuse perpetrated within the company.
E-mail is the most used and abused application in any corporate environment, yet within most organisations it receives the least attention when it comes to policy management.
The Enron scandal and other examples are changing that, and e-mail is receiving more attention at board level.
To minimise the risk of legal exposure today's corporate board member must address three areas:
- Individual responsibility
- Clear policy
- External auditing.
Your responsibility as an individual is clear in some areas - you know the difference between right and wrong. However there are huge gaps here that can only be filled by a clear, concise and compelling policy.
To build an effective corporate policy you should establish a policy group, which would include the HR director to cover all legal issues such as informing staff of the policy; the security director to address e-mail archiving and lockdown; and the technical consultant for implementation of the policy; and, of course, it should be chaired by the IT director.
First set up a policy and invite people to contribute and be involved in its content, then make sure everyone understands it.
From then on the group will take control of it and ensure it is kept up to date. Each quarter they should seek an external e-mail audit, to measure how effective the policy is.
The use of an external auditor is key to unbiased reporting, and will provide critical facts on information flowing in and out of the company, including pornographic, sexist or defamatory remarks which could be embedded in spreadsheets.
It is absolutely critical that people are forewarned of the first two audits. I believe in personal freedoms, but that is very different from personal licence. Call it "big brother" if you like - complain about lack of trust, but ultimately we have to appreciate, and take personal responsibility for, the consequences of our actions.
So, next time, before you press F5, or or the Send button, just check that e-mail through, once again. Remember, once it has disappeared into the ether, it will stay there forever.
David Taylor is president of IT directors association Certus